Patents Assigned to Vectra AI, Inc.
-
Publication number: 20240195827
Abstract: Disclosed is an improved approach for managing security alerts to automatically isolate malicious security alerts from benign alerts using an ensemble model of pattern recognition techniques. In some embodiments, the approach provides for automatically isolating security alerts of malicious attack from security alerts that correspond to undesirable, yet benign, activity in computer networks, cloud infrastructures and SAAS applications. Specifically, the approach provides for qualitative contextual assessments of these alerts using an ensemble of models. These ensemble models leverage a history of security events on a computer network, cloud infrastructure and SAAS applications to determine a level of relevance for received alerts and determine, based on that level of relevance, how or if they should be presented to an administrator.
Type: Application
Filed: November 30, 2023
Publication date: June 13, 2024
Applicant: Vectra AI, Inc.
Inventors: Hsin Chen, Himanshu Mhatre, Irina Javed, Daniel Carlton Hannah
-
Publication number: 20240195831
Abstract: Disclosed is an improved approach for translating entity prioritization rules to a continuous numerical space. In some embodiments, the approach provided is a system for using qualitative prioritization criteria to train a system that generates quantitative urgency scores for entities. In some embodiments, this comprises an embedding scheme that enables the translation of entity information and their related alerts to a set of qualitative labels based on at least quantitative information. Generally, the system includes a set of analyst actions that establish desired mappings which are used to train a more general model that maps entity embeddings to responses. In some embodiments, the approach comprises one or more models that receive an entity embedding as an input and outputs a score that characterizes the urgency of the response warranted for that entity. In some embodiments, this is performed using various features (e.g., importance, actor type, velocity, and breadth).
Type: Application
Filed: November 30, 2023
Publication date: June 13, 2024
Applicant: Vectra AI, Inc.
Inventors: Daniel Carlton Hannah, Himanshu Mhatre, Sohrob Kazerounian, Timothy John Wade, Karl Lynn, Stephen Malone
-
Patent number: 11973768
Abstract: Disclosed is an improved method, system, and computer program product for identifying malicious payloads. The disclosed approach identifies potentially malicious payload exchanges which may be associated with payload injection or root-kit magic key usage.
Type: Grant
Filed: November 24, 2020
Date of Patent: April 30, 2024
Assignee: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, John Steven Mancini
-
Patent number: 11880764
Abstract: Disclosed is an approach for detecting malicious network activity (e.g. based on a data hoarding activity identified using a graph mixture density neural network (GraphMDN)). Generally, the approach includes generating embeddings using a graph convolution process and then processing the embeddings using a mixture density neural network. The approach may include collecting network activity data, generating a graph representing the network activity, or an aggregation thereof that maintains the inherent graphical nature and characteristics of the data, and training a GraphMDN in order to generate pluralities of distributions characterizing one or more aspects of the graph representing the network activity. The approach may also include capturing new network activity data, and evaluating that data using the distributions generated by the trained GraphMDN, and generating corresponding detection results.
Type: Grant
Filed: September 23, 2020
Date of Patent: January 23, 2024
Assignee: Vectra AI, Inc.
Inventors: Sohrob Kazerounian, Daniel Carlton Hannah, Tuomas P. Oikarinen
-
Publication number: 20230319086
Abstract: Disclosed herein is an approach that includes providing a system for managing and expanding knowledge in a knowledge base. In some embodiments, the system comprises an expert system which performs a number of functions including data ingestion, application of a data retention policy, monitoring of a network system including deployments of detection signatures on the network system, response and alert management, posturing, and relevant automation. In some embodiments, the expert system interconnects with a war gaming engine to identify attack vectors to protected resources. In some embodiments, a collection of functions or modules is provided in place of the expert system—e.g., traditional programming techniques are used to provide functions or modules to perform similar processes using one or more function calls between the provided functions or modules.
Type: Application
Filed: March 30, 2023
Publication date: October 5, 2023
Applicant: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
-
Publication number: 20230319067
Abstract: Disclosed is an approach for network security management using software representation that embodies network configuration and policy data. In some embodiments, the approach includes a process to generate a software representation of what is possible based on a network configuration and policy data. The software representation comprises a state machine where different states can be reached using respective transitions or properties which are possible as determined based on the network configuration and policy data. The states correspond to respective entities on the network which may comprise resources that are identifiable for protection. The software representation can then be stimulated to identify sequences of state-to-state transitions which may in turn be processed to generate corresponding detection signatures for use in monitoring the network.
Type: Application
Filed: April 1, 2022
Publication date: October 5, 2023
Applicant: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson IV, Karl Matthew Lynn
-
Publication number: 20230319100
Abstract: Disclosed is an approach for analyzing attack paths in a computer network generated using a software representation that embodies network configuration and policy data for security management. In some embodiments, the approach includes a process to analyze attack paths in a computer network to determine which attack paths might be most productively covered using a corresponding detection signature. In some embodiments, the attack paths are identified using a software representation that embodies network configuration and policy data. The software representation comprises a state machine where different states can be reached using respective transitions or properties. The states correspond to respective entities on the network which may comprise resources that are identifiable for protection in the software representation using crash statements.
Type: Application
Filed: April 1, 2022
Publication date: October 5, 2023
Applicant: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
-
Publication number: 20230319050
Abstract: Disclosed is an approach for generating a software representation that embodies network configuration and policy data of a computer network for use in security management. The software representation comprises a state machine where different states can be reached using respective transitions or properties which are possible as determined based on the network configuration and network policy data. The states correspond to respective entities on the network which may comprise resources that are identifiable for protection. The software representation can then be stimulated with various inputs to identify sequences of state-to-state transitions which may in turn be processed to generate corresponding detection signatures for use in monitoring the network.
Type: Application
Filed: April 1, 2022
Publication date: October 5, 2023
Applicant: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
-
Publication number: 20230315413
Abstract: Disclosed is an approach for solving arbitrary constraint satisfaction problems. In some embodiments, the approach includes a process to generate a software representation of what is possible based on a system corresponding to the constraint satisfaction problem. The software representation comprises a state machine where different states can be reached using respective transitions or properties which are possible as determined based on a current state of the system and parameters thereof whether global or otherwise.
Type: Application
Filed: February 10, 2023
Publication date: October 5, 2023
Applicant: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
-
Publication number: 20230318845
Abstract: Disclosed is an approach for generating detection signatures based on analysis of a software representation of what is possible in a computer network based on network configuration data and network policy data. In some embodiments, the process includes maintaining a plurality of detection signature templates, generation of detection signatures (detection signature instances) using respective detection signature templates that are selected based on the analysis of the software representation. In some embodiments, detection signature templates are of different types and may be deployed at different locations based on their respective type(s), such as at source, destination.
Type: Application
Filed: April 1, 2022
Publication date: October 5, 2023
Applicant: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson IV, Karl Matthew Lynn
-
Publication number: 20230319068
Abstract: Disclosed is an approach for analyzing a computer network to identify attack paths using a software representation that embodies network configuration and policy data for security management. The software representation comprises a state machine where different states can be reached using respective transitions or properties which are possible as determined based on the network configuration and network policy data. The states correspond to respective entities on the network which may comprise resources that are identifiable for protection in the software representation using crash statements. The software representation can then be stimulated using software analysis tools such as fuzzers to identify sequences of state-to-state transitions that could be used to compromise a protected resource on the computer network.
Type: Application
Filed: April 1, 2022
Publication date: October 5, 2023
Applicant: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, Sohrob Kazerounian, William Stow Finlayson, IV, Karl Matthew Lynn
-
Patent number: 11595416
Abstract: Disclosed is an improved approach for identifying security risks and breaches in a network by applying machine learning methods that learn resource access patterns in the network. Specifically, by observing the access pattern of the network entities (e.g. accounts, services, and hosts) from authorization requests/responses, the model, through unsupervised learning, organizes the entity relationships into an ensemble of hierarchical models. The ensemble of hierarchical models can then be leveraged to create a series of metrics that can be used to identify various types of abnormalities in the access of a resource on the network. For instance, by further classifying the access request for a resource using abnormality scores into detection scenarios, the model is able to detect both an abnormality and the type of abnormality and include such information in a corresponding alarm when a security breach happens.
Type: Grant
Filed: April 28, 2020
Date of Patent: February 28, 2023
Assignee: Vectra AI, Inc.
Inventors: Hsin Chen, Nicolas Beauchesne, Himanshu Mhatre, John Steven Mancini
-
Patent number: 11330005
Abstract: Disclosed is an improved approach for detecting potentially malicious activity on a network. The present improved approach generates a multi-dimensional activity model based on captured network activity. Additional network activity is captured, and relative activity values are determined therefor. Determination of whether the additional network activity corresponds to potentially malicious activity is obtained by fitting the relative activity values of the additional network activity to the multi-dimensional relative activity model.
Type: Grant
Filed: April 15, 2019
Date of Patent: May 10, 2022
Assignee: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, Himanshu Mhatre, Daniel Carlton Hannah
-
Publication number: 20210105290
Abstract: Disclosed is an improved method, system, and computer program product for identifying malicious payloads. The disclosed approach identifies potentially malicious payload exchanges which may be associated with payload injection or root-kit magic key usage.
Type: Application
Filed: November 24, 2020
Publication date: April 8, 2021
Applicant: Vectra AI, Inc.
Inventors: Nicolas Beauchesne, John Steven Mancini
-
Publication number: 20210092140
Abstract: Disclosed is an approach for detecting malicious network activity (e.g. based on a data hoarding activity identified using a graph mixture density neural network (GraphMDN)). Generally, the approach includes generating embeddings using a graph convolution process and then processing the embeddings using a mixture density neural network. The approach may include collecting network activity data, generating a graph representing the network activity, or an aggregation thereof that maintains the inherent graphical nature and characteristics of the data, and training a GraphMDN in order to generate pluralities of distributions characterizing one or more aspects of the graph representing the network activity. The approach may also include capturing new network activity data, and evaluating that data using the distributions generated by the trained GraphMDN, and generating corresponding detection results.
Type: Application
Filed: September 23, 2020
Publication date: March 25, 2021
Applicant: Vectra AI, Inc.
Inventors: Sohrob Kazerounian, Daniel Carlton Hannah, Tuomas P. Oikarinen
-
Patent number: 10880321
Abstract: Disclosed is an improved method, system, and computer program product for learning representations or embeddings of network flow traffic. The disclosed invention operates on network flow data which are then used as inputs to a deep-learning architecture that learns to embed the data into a vector space.
Type: Grant
Filed: January 27, 2018
Date of Patent: December 29, 2020
Assignee: Vectra AI, Inc.
Inventors: Matthew R. Silver, Sohrob Kazerounian
-
Publication number: 20200374308
Abstract: Disclosed is an improved approach for identifying security risks and breaches in a network by applying machine learning methods that learn resource access patterns in the network. Specifically, by observing the access pattern of the network entities (e.g. accounts, services, and hosts) from authorization requests/responses, the model, through unsupervised learning, organizes the entity relationships into an ensemble of hierarchical models. The ensemble of hierarchical models can then be leveraged to create a series of metrics that can be used to identify various types of abnormalities in the access of a resource on the network. For instance, by further classifying the access request for a resource using abnormality scores into detection scenarios, the model is able to detect both an abnormality and the type of abnormality and include such information in a corresponding alarm when a security breach happens.
Type: Application
Filed: April 28, 2020
Publication date: November 26, 2020
Applicant: Vectra AI, Inc.
Inventors: Hsin Chen, Nicolas Beauchesne, Himanshu Mhatre, John Steven Mancini